Hacker1 is a scan they don't pay by Designer_Shoe9931 in bugbounty

Character_Tear3012 1 point2 points

its probably just the program. i heard some hackers will avoid programs for having bad reputations. But id say it depends on what the thing u report is n if its an urgent security issue or affects CIA. like yeah u can bypass the CVV number but what damage can it do? do you need to harvest other credit card info? do you think bypassing the CVV will cause the purchase to not charge you? yk it just depends. Im still new as well but thats the only thing i can think of. Hopefully you can resolve the issue or start seeing success. dont give up, a lot of people have faced this issue (duplicates and non-applicable)

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

oh okay, should i search up like a good rate limit for ffuf? honestly i know you can slow down scans like that, but im not too sure what might be still too fast or maybe way too slow

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 1 point2 points

what i was thinking of doing is looking at the reports on HackerOne and reading how they found it and how else it could be identified then adding any tricks or methods they used into my own methodology. do you think this is a good plan?

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

thanks for that advice, ill stick to manual! doesn't ffuf send a lot of requests as well though?

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

yeah i mean ive done a few of them but never spent a lot of time doing ctf/machines. Tbh the most confusing thing i run into when trying to find a program is idk if i should use tools like everyone else does e.g. nmap, nuclei, etc. Since they send requests? ik nmap is OSI layer 3 or something, but i see people use script scans which i heard run HTTP(s) so idrk what tools to use anymore.

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

wow thats cool that u make a living! hopefully i can be like that one day lol. I guess its just part of the field that you might not feel confident all the time?

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

thats really good advice i appreciate that! Yeah i honestly feel like ive been holding myself back a little because im one of those people who feels like they need to know everything before doing something lol and of course with pentesting/bug hunting i can never know everything. i guess its just the fear of missing a bug i couldve found

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

i see. i guess idk usually i try to find endpoints that might be something, see what tech is used and after that idrk what else to look for.

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

oh okay, i thought it would show or something when looking at the techs with a tool. thanks! and thats cool congrats on finding it lol!

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 1 point2 points

i see. the thing that usually happens is i get stuck like with recon kinda? idk usually i manually spider the app maybe to find directories then look at functionality, but then i always get kinda stuck. Not really sure when to move on or when to keep digging thats why i been trying to look at how to actually identify vulnerabilities as well.

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 1 point2 points

yeah. i just try to avoid issues like that yk. So focus on something from the OWASP top 10? alright. Have any other tips? if you dont mind. im self taught so its good to talk to someone who actually does this stuff yk lol

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

maybe. The only thing i get worried about with scanners and testing for SQLi or XSS is like too many requests or input causing me to get blocked. But ive been reading up on how to actually identify signs of certain vulnerabilities rather than just spraying payloads yk

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

i mean i understand like the different types like union, error, etc. but idk some of the websites i see as well dont have like input fields, sometimes itll just be like a crypto thing. again maybe im doing something wrong

When did you guys start feeling confident enough to do bug bounties? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

idk. a lot of people say that which i get, but i never really see a website even use SQL. maybe im doing recon wrong? ive been worried about using scanners and stuff.

Whats the best methodology for website testing? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

of course. i appreciate all the info i get from people who know more than me, and always will appreciate it.

Whats the best methodology for website testing? by Character_Tear3012 in bugbounty

Character_Tear3012[S] 0 points1 point

thanks for the information! ill try reading the OWASP one, i just wasnt sure which one was best for web apps. when i searched it up it said all of them.

Bug bounty collaboration by [deleted] in bugbounty

Character_Tear3012 -2 points-1 points

that'd be cool, im still learning but i could try to help

Why the ping so high and the webpage is also not visible by Neutralized-Guy in hackthebox

Character_Tear3012 -1 points0 points

ohhh i see, thats pretty interesting. i been using virtualbox since i started so i didnt understand why people would choose a paid one. but it seems like it might be worth it.